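/*****************************************************************************************
 Infosistema - OpenBaas
 Copyright(C) 2002-2014 Infosistema, S.A.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU Affero General Public License for more details.

 You should have received a copy of the GNU Affero General Public License
 along with this program. If not, see <http://www.gnu.org/licenses/>.

 www.infosistema.com
 info@openbaas.com
 Av. José Gomes Ferreira, 11 3rd floor, s.34
 Miraflores
 1495-139 Algés
 Portugal
 ****************************************************************************************/
package infosistema.openbaas.rest;

import infosistema.openbaas.middleLayer.SessionMiddleLayer;
import infosistema.openbaas.middleLayer.UsersMiddleLayer;
import infosistema.openbaas.rest.AppResource.PATCH;
import infosistema.openbaas.utils.Const;
import infosistema.openbaas.utils.Log;
import infosistema.openbaas.utils.Utils;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.CookieParam;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriInfo;

import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;

//@Path(/users/{userId}/sessions)
/**
 * JAX-RS sub-resource managing the sessions of one user of one application.
 *
 * It is constructed (presumably by a parent resource, given the commented-out
 * path above) with the {@code appId} and {@code userId} of the user whose
 * sessions are being manipulated; all operations delegate to
 * {@link SessionMiddleLayer} and {@link UsersMiddleLayer}.
 *
 * NOTE(review): several operations take a session token from the path or the
 * cookie and only check that the token exists, not that it belongs to
 * {@code userId} or matches the cookie — see the per-method notes. Whether the
 * middle layer enforces ownership cannot be told from this file.
 */
public class SessionsResource {

    private final UsersMiddleLayer usersMid;
    private final SessionMiddleLayer sessionMid;
    private final String appId;
    private final String userId;

    // Injected by the container; currently not read by any method in this class.
    @Context
    UriInfo uriInfo;

    /**
     * Creates the sub-resource for the given application and user.
     *
     * @param appId  identifier of the application
     * @param userId identifier of the user whose sessions are handled
     */
    public SessionsResource(String appId, String userId) {
        this.usersMid = UsersMiddleLayer.getInstance();
        this.sessionMid = SessionMiddleLayer.getInstance();
        this.appId = appId;
        this.userId = userId;
    }

    // *** CREATE *** //

    /**
     * Creates a user session and returns the session identifier (generated by
     * the server). Required fields: "userName", "password".
     *
     * Responses: 400 if the JSON is unreadable or a required field is missing,
     * 404 if no user has that name in the application, 403 if the application
     * requires e-mail confirmation and the user is not confirmed, 401 if the
     * credentials are rejected, 200 with the token (also set as the
     * {@code Const.SESSION_TOKEN} cookie) on success.
     *
     * NOTE(review): the distinct 404/401 outcomes let a caller distinguish
     * "unknown user name" from "wrong password"; this mirrors the original
     * status codes and is kept for compatibility.
     *
     * @param req          the servlet request (unused here)
     * @param inputJsonObj request body with "userName" and "password"
     * @param ui           URI info (unused here)
     * @param hh           HTTP headers (unused here)
     * @return the response described above
     */
    @POST
    @Consumes({ MediaType.APPLICATION_JSON })
    @Produces({ MediaType.APPLICATION_JSON })
    public Response createSession(@Context HttpServletRequest req, JSONObject inputJsonObj,
            @Context UriInfo ui, @Context HttpHeaders hh) {
        if (inputJsonObj == null) {
            return Response.status(Status.BAD_REQUEST).entity("Error reading JSON").build();
        }

        String userName;
        String attemptedPassword;
        try {
            userName = (String) inputJsonObj.get("userName");
            attemptedPassword = (String) inputJsonObj.get("password");
        } catch (JSONException e) {
            Log.error("", this, "createSession", "Error parsing the JSON.", e);
            return Response.status(Status.BAD_REQUEST).entity("Error reading JSON").build();
        }

        // Both fields are required. The original only rejected the request when
        // BOTH were missing, so a null password could reach the credential check.
        if (userName == null || attemptedPassword == null) {
            return Response.status(Status.BAD_REQUEST).entity("Error reading JSON").build();
        }

        // Local name differs from the userId field to avoid shadowing it.
        String resolvedUserId = usersMid.getUserIdUsingUserName(appId, userName);
        if (resolvedUserId == null) {
            return Response.status(Status.NOT_FOUND).entity("").build();
        }

        // When the application requires e-mail confirmation, an unconfirmed
        // account may not open a session.
        // NOTE(review): the original returned 401 whenever the option was OFF
        // (and only evaluated confirmation when it was ON); its "order of
        // evaluation" comment suggests the short-circuit below was the intent.
        // Confirm against the product behaviour.
        boolean confirmationRequired = usersMid.getConfirmUsersEmailOption(appId);
        if (confirmationRequired && !usersMid.userEmailIsConfirmed(appId, resolvedUserId)) {
            return Response.status(Status.FORBIDDEN).entity(Const.getEmailConfirmationError()).build();
        }

        // NOTE(review): the token's unpredictability rests entirely on
        // Utils.getRandomString — confirm it is backed by a CSPRNG.
        String sessionToken = Utils.getRandomString(Const.getIdLength());
        boolean credentialsAccepted =
                sessionMid.createSession(sessionToken, appId, resolvedUserId, attemptedPassword);
        if (!credentialsAccepted) {
            // The original fell through to 200 + token even here, handing a
            // caller with wrong credentials a (never stored) token.
            return Response.status(Status.UNAUTHORIZED).entity("").build();
        }

        // Original built a cookie response and then immediately overwrote it
        // with the plain-token response; return the token AND set the cookie.
        NewCookie identifier = new NewCookie(Const.SESSION_TOKEN, sessionToken);
        return Response.status(Status.OK).cookie(identifier).entity(sessionToken).build();
    }

    // *** UPDATE *** //

    /**
     * Refreshes a session with the caller's current location and user agent.
     *
     * Responses: 403 if the token is unknown, 404 if {@code userId} has no
     * session, 204 if no location header was sent (the session is deliberately
     * not refreshed), 200 after a refresh.
     *
     * NOTE(review): {@code sessionTokenCookie} is not used, and the path token
     * is not checked against the cookie nor against {@code userId}; whether
     * {@code refreshSession} enforces that the token belongs to this user is
     * not visible here.
     *
     * @param userAgent          value of the {@code Const.USER_AGENT} header
     * @param location           value of the {@code Const.LOCATION} header, may be null
     * @param sessionToken       session token from the path
     * @param sessionTokenCookie session token from the cookie (unused)
     * @return the response described above
     */
    @PATCH
    @Path("{sessionToken}")
    @Consumes({ MediaType.APPLICATION_JSON })
    public Response patchSession(@HeaderParam(Const.USER_AGENT) String userAgent,
            @HeaderParam(value = Const.LOCATION) String location,
            @PathParam(Const.SESSION_TOKEN) String sessionToken,
            @CookieParam(value = Const.SESSION_TOKEN) String sessionTokenCookie) {
        if (!sessionMid.sessionTokenExists(sessionToken)) {
            return Response.status(Status.FORBIDDEN).entity("You do not have permission to access.").build();
        }
        if (!sessionMid.sessionExistsForUser(userId)) {
            // The original built this response but never assigned it, so the
            // method returned null in this case.
            return Response.status(Status.NOT_FOUND).entity(sessionToken).build();
        }
        if (location == null) {
            // If the device does not have the GPS turned on we should not
            // refresh the session; only refresh it when an action is performed.
            // A null Response from a JAX-RS method is served as 204, so the
            // explicit status keeps the original wire behaviour.
            return Response.status(Status.NO_CONTENT).build();
        }
        sessionMid.refreshSession(sessionToken, location, userAgent);
        return Response.status(Status.OK).entity("").build();
    }

    // *** DELETE *** //

    /**
     * Deletes a session (logout).
     *
     * @param sessionToken the token of the session to delete
     * @return 200 with the token if the middle layer deleted it for
     *         {@code userId}, 404 with the token otherwise
     */
    @DELETE
    @Path("{sessionToken}")
    public Response deleteSession(@PathParam(Const.SESSION_TOKEN) String sessionToken) {
        boolean deleted = sessionMid.deleteUserSession(sessionToken, userId);
        Status status = deleted ? Status.OK : Status.NOT_FOUND;
        return Response.status(status).entity(sessionToken).build();
    }

    /**
     * Deletes all the sessions of the user (a user can have more than one
     * session, one for chrome, another for iphone, etc).
     *
     * The literal {@code /all} path takes precedence over the
     * {@code {sessionToken}} template of {@link #deleteSession}.
     *
     * NOTE(review): only the cookie token's existence is checked; it is not
     * verified to belong to {@code userId}.
     *
     * @param sessionToken session token from the cookie
     * @return 403 if the cookie token is unknown, 200 with the user id if the
     *         sessions were deleted, 404 otherwise
     */
    @DELETE
    @Path("/all")
    public Response deleteAllSessions(@CookieParam(value = Const.SESSION_TOKEN) String sessionToken) {
        if (!sessionMid.sessionTokenExists(sessionToken)) {
            return Response.status(Status.FORBIDDEN).entity("").build();
        }
        if (sessionMid.deleteAllUserSessions(userId)) {
            return Response.status(Status.OK).entity(userId).build();
        }
        return Response.status(Status.NOT_FOUND).entity("No sessions exist").build();
    }

    // *** GET LIST *** //

    // *** GET *** //

    /**
     * Gets the session fields associated with the token.
     *
     * As written, the body is just the path token echoed back; existence is
     * checked on the COOKIE token, not the path token, and the two are not
     * compared (NOTE(review): confirm whether that is intended).
     *
     * @param sessionToken       session token from the path
     * @param sessionTokenCookie session token from the cookie
     * @return 200 with the path token if the cookie token exists, 404 with the
     *         path token otherwise
     */
    @GET
    @Path("{sessionToken}")
    public Response getSessionFields(@PathParam(Const.SESSION_TOKEN) String sessionToken,
            @CookieParam(value = Const.SESSION_TOKEN) String sessionTokenCookie) {
        Status status = sessionMid.sessionTokenExists(sessionTokenCookie) ? Status.OK : Status.NOT_FOUND;
        return Response.status(status).entity(sessionToken).build();
    }

    // *** OTHERS *** //

    // *** RESOURCES *** //
}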